Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

HR Authorization - How to stop looking historical enterprise structure

Former Member
0 Kudos

Hello Experts,

I have few user who is assigned to display the master data of personnel area 5400. Now an employee is moved from personnel area 5400 to personnel area 5900. And this user is still able to view the master data of 5900. How to stop that checking the authorization based on the historical data.

Please advise.

Thank you.

saplover

4 REPLIES 4

Former Member
0 Kudos

> I have few user who is assigned to display the master data of personnel area 5400.

Okay.

> Now an employee is moved from personnel area 5400 to personnel area 5900.

Okay.

> And this user is still able to view the master data of 5900.

Okay

> How to stop that checking the authorization based on the historical data.

You cannot code a back-dated authority-check, atleast not easily nor performance wise.

If the employee is moved, then records (which were also moved, created...) for the personnel area they have access to are subsequently visible to them as well, if they have access to that infotype, subtype, etc.

Perhaps you need to change their role, if they changed their job function??

Take a read through function module HR_READ_INFOTYPE for a better understanding. The HR objects are generally designed to give access for HR people... unless reporting people (in aggregated form => object P_ABAP...) or unless personally (object P_PERNR...).

Take a look in tcode SU21 for more infos.

Cheers,

Julius

former_member74904
Contributor
0 Kudos

in addition to the technicalities julius has stated above, I'd like to add that you should take a look at the ORGPD authorization switch.

this has an impact on determining teh period of responsability through organizational assignment.

here are some links to help you get started:

[AUTSW ORGPD|http://help.sap.com/saphelp_47x200/helpdata/en/e8/bab83b5b831f3be10000000a114084/frameset.htm|authorization switch ORGPD]

[determining the period of responsibility|http://help.sap.com/saphelp_47x200/helpdata/en/e8/bab83b5b831f3be10000000a114084/frameset.htm]

Edited by: Dimitri van Heumen on Oct 3, 2008 3:00 PM typos...

Former Member
0 Kudos

Thank you.

0 Kudos

Hi SAPLover

Try to have a look at view T_582A (with SM30). if the "Access Auth" is Not checked for a specific infotype, the administrator has access to this infotype of an employee, if one of the employees organisational assignment falls into the administrators area of responsibility.

if it's checked the administrators access right are evaluated based on the Time Logic in SAP HR - see [saphelp|http://help.sap.com/saphelp_erp2005vp/helpdata/en/5b/4bba3b3bf00152e10000000a114084/frameset.htm]

Maybe this can do the trick ?

Regards

Morten